Friday, August 2, 2024

Greenbrier Hotel Up for Public Auction

The Greenbrier Hotel, owned by Gov. Jim Justice and his family, has been announced for auction on the courthouse steps late this month because of default, according to a legal advertisement placed in Lewisburg’s West Virginia Daily News. more

So, why is this news?

One of the great vestiges of the Cold War is the Greenbrier bunker, a facility built to house all 535 members of Congress in the event of a nuclear attack.

In 1955, Dwight D. Eisenhower instructed the Department of Defense to draft emergency plans for Congress in case of a nuclear strike. Even if Washington, DC was destroyed, American officials needed a procedure to maintain the continuity of government. As part of these efforts, the Army Corps of Engineers was charged with scouting the location of a nuclear bunker for the members of Congress. They ultimately selected the Greenbrier, a luxury resort in White Sulphur Springs, West Virginia.

Greenbrier was chosen because of its location—relatively close and accessible to Washington, but far enough away to be safe from an atomic bomb—and because of its prior relationship with the United States government. During World War II, Greenbrier had served as an internment facility for Japanese, Italian, and German diplomats and then as a military hospital, where Eisenhower himself was at one time a patient. Although it returned to its original function as a hotel after the war, government officials occasionally held conferences at Greenbrier. more 
Video of the bunker.
Time to sing-s-long! or sing-a-long with... a little darker number.

Free TSCM AI Knowledge Wiki

The website, counterespionage.net, provides a comprehensive range of resources related to Technical Surveillance Countermeasures (TSCM), which can be considered as a knowledge wiki for several reasons:
  1. Informative Articles: It features detailed articles explaining what TSCM is and its importance in protecting corporate privacy and intellectual property. For example, the article on What Is TSCM? outlines the holistic approach needed for effective TSCM evaluations.
  2. Free Resources: The site offers free TSCM security reports, publications, and videos that educate users about various aspects of surveillance and counter-surveillance techniques. You can find these resources in the TSCM Information section.

  3. Guides and Tips: It includes practical guides such as the Security Director’s Guide to Discussing TSCM with Management and tips for businesses on counterespionage, which serve as valuable educational tools.

  4. Case Studies and Testimonials: The website also shares case studies and client testimonials that provide real-world examples of TSCM applications, enhancing the learning experience for users.

  5. FAQs and Expert Insights: The presence of a FAQ section allows users to get quick answers to common questions about TSCM, further contributing to its role as a knowledge base.

Overall, the combination of educational content, practical resources, and expert insights makes this website a valuable TSCM knowledge wiki. more

A $500 Open Source Tool Lets Anyone Hack Computer Chips With Lasers

IN MODERN MICROCHIPS, where some transistors have been shrunk to less than a 10th of the size of a Covid-19 virus, it doesn't take much to mess with the minuscule electrical charges that serve as the 0s and 1s underpinning all computing. 

A few photons from a stray beam of light can be enough to knock those electrons out of place and glitch a computer's programming. Or that same optical glitching can be achieved more purposefully—say, with a very precisely targeted and well timed blast from a laser. Now that physics-bending feat of computer exploitation is about to become available to far more hardware hackers than ever before.

At the Black Hat cybersecurity conference in Las Vegas next week, Sam Beaumont and Larry “Patch” Trowell, both hackers at the security firm NetSPI, plan to present a new laser hacking device they're calling the RayV Lite. 

Their tool, whose design and component list they plan to release open source, aims to let anyone achieve arcane laser-based tricks to reverse engineer chips, trigger their vulnerabilities, and expose their secrets—methods that have historically only been available to researchers inside of well-funded companies, academic labs, and government agencies. more

This Week in Spy News

  • Canada women advance in Olympic soccer as emails show their coach supported spying. more
  • Like a spy thriller: Amazing details about assassination of Hamas leader Haniyeh in Tehran start to emerge. more
  • Moldova expels Russian diplomat and calls in envoy amid spy case. more
  • Suspected Russian spy locked up in Brooklyn freed in prisoner swap for Evan Gershovich, Paul Whelan more
  • Chinese Woman, 20, Reports Parents To Police After They Install Spy Camera In Her Bedroom more
  • Slovenian court convicts two Russians of espionage more
  • French citizen accused of espionage in Russia denied bail. more
  • The Philippine National Police is looking into the possibility that gadgets seized from a Chinese national were being used for scamming and espionage activities. more  Security Scrapbook Analysis: The equipment appears to have been obtained from pitsms.top, a Chinese manufacturer of a cellular "Fake Base Station" systems. This could be either a cyber-crime story, or a spy story, depending upon the intended use. Stay tuned. We will update you as this develops. You can watch the Fake Base Station being made, here.


Behind the Prisoner Swap: Spies, a Killer, Secret Messages and Unseen Diplomacy

A turning point came on June 25, when a group of C.I.A. officers sat across from their Russian counterparts during a secret meeting in a Middle Eastern capital.

The Americans floated a proposal: an exchange of two dozen prisoners sitting in jails in Russia, the United States and scattered across Europe, a far bigger and more complex deal than either side had previously contemplated but one that would give both Moscow and Western nations more reasons to say yes...

The Russian spies took the proposal back to Moscow, and only days later the C.I.A. director was on the phone with a Russian spy chief agreeing to the broad parameters of a massive prisoner swap. On Thursday, seven different planes touched down in Ankara, Turkey, and exchanged passengers, bringing to a successful close an intensive diplomatic effort that took place almost entirely out of public view. more

Voice Over Wi-Fi Vulnerability Let Attackers Eavesdrop Calls And SMS

IPsec tunnels are employed by Voice over Wi-Fi (VoWiFi) technology to route IP-based telephony from mobile network operators’ core networks via the Evolved Packet Data Gateway (ePDG).

This process consists of two main phases: negotiation of encryption parameters and performing a key exchange using the Internet Key Exchange protocol, followed by authentication....

The risk is that these vulnerabilities could expose VoWiFi communications to MITM attacks, compromising data integrity or confidentiality, which is essential for better security in implementing VoWiFi solutions...

These findings highlight the systemic flaws in the implementation of VoWiFi, which could make users vulnerable to man-in-the-middle attacks, and communication security is compromised on a global scale, consequently requiring better security measures in VoWiFi protocols and implementations. more

Wednesday, July 31, 2024

$2 billion Corporate Espionage Verdict Overturned by Appeals Court

Software company Pegasystems convinced a Virginia appeals court on Tuesday to throw out a $2 billion jury verdict for rival Appian in a court battle over Pegasystems’ alleged theft of Appian’s trade secrets.

The award from 2022 had been the largest damages verdict in Virginia court history, the Court of Appeals of Virginia said in the decision...

McLean, Virginia-based Appian had said in a 2020 lawsuit that Pegasystems hired a contractor to steal confidential information from Appian’s software platform in order to improve its own products and better train its sales force...

Appian said that Cambridge, Massachusetts-based Pegasystems referred internally to the contractor as a spy and to its scheme as “Project Crush,” with Pegasystems employees using fake credentials to access Appian’s software. Pegasystems characterized “Project Crush” as competitive research in a 2022 statement...

Pegasystems’ CEO said in a statement following the verdict that Appian’s CEO “could not identify one trade secret that Pega had allegedly misappropriated” during the trial. more

Moral: Make sure your "trade secrets" meet the requirements of, and can be clearly identified as, Trade Secrets. more

Tuesday, July 30, 2024

Interesting: AI Can Reveal What’s on Your Screen (sort of)

Hackers can intercept electromagnetic radiation leaking from the cable between your monitor and computer and decode what you are seeing on screen with the help of artificial intelligence.
Such attacks are probably taking place in the real world, says the team behind the work, but ordinary computer users have little to worry about...

Federico Larroca at the University of the Republic in Montevideo, Uruguay, and his colleagues have developed an AI model that can reconstruct an image from digital signals that were intercepted a few metres away from an HDMI cable...

Around 30 per cent of characters were misinterpreted by the eavesdropping process, but that is low enough that humans can read most of the text accurately, the team says. This error rate is about 60 per cent lower than the previous state-of-the-art attack, the researchers add. more

Karma Files: Multi-platform Spyware Provider Spytech Gets Hacked

Second spyware provider hacked this month...
Minnesota-based spyware provider Spytech has been hacked, with files stolen from the company's servers containing detailed device activity logs from a global pool of mostly Windows PCs but also some Macs, Chromebooks, and even Android devices. 

The total number of spyware victims impacted by Spytech and noted by TechCrunch analyzing the scale of the breach is "more than 10,000 devices since 2013,"
and this cross-platform invasion of privacy stretches across the entire globe, including the US, EU, the Middle East, Africa, Asia, and Australia. 

Spytech provides a brand of spyware best known as "stalkerware" since it's typically installed by a person with physical access to the victim's device. more

Tag You're It

Police departments in the United Kingdom are using a “forensic spray”
to tag motorcyclists, e-bikes and other small vehicle riders that are causing a nuisance in Manchester.

The spray, called SmartTag, contains a unique traceable forensic code tied to the bottle, enabling the police department to easily decide where and when the individual was tagged. Only an extremely small amount of liquid is needed to be able to identify whether or not someone or something has been sprayed.

The liquid also cannot be washed off nor can it be detected by the naked eye, making it a suitable tool for law enforcement. more

Previously reported in the Security Scrapbook...
Saturday, May 15, 2010 - SmartWater - "I've been slimed!"

FutureWatch: AI to the Max - Will Intelligent Eavesdropping Bugs Be Possible?

SCIENTISTS ARE GROWING BRAINS IN LABS. COULD THEY BECOME CONSCIOUS? "IT HAS NO EYES, EARS, NOSE OR MOUTH — NOTHING'S COMING IN." (yet)

As scientists continue to make advances using human tissue to grow brains in laboratories, one neuroscientist is naming the existential elephant in the room: could lab-grown brains ever become truly conscious?

In an interview with Live Science, University of California at Santa Barbara neuroscientist Kenneth Kosik explained that as the science stands now, the facsimile brains made in labs aren't likely to achieve consciousness anytime soon. (Nothing to see here, don't worry, move on.)
These brain organoids, as the lab-grown brains are called, are created by taking someone's cells, converting them into stem cells, and differentiating those into neurons. more

Olympics: FIFA Hinders Canada’s chances with Punishments for Drone Spying

FIFA suspended Canada women’s soccer coach Bev Priestman for one year, deducted six points from the team’s Olympic group stage total and issued a fine
on Saturday in response to Canada flying a drone over New Zealand’s training sessions before the start of the Games.

The punishment immediately and severely hurt the chances for a second consecutive gold medal for Canada, which won the Olympic tournament in Tokyo in 2021, a run that was immediately questioned as the drone scandal emerged. more

Saturday, July 20, 2024

One Way Corporate Espionage Spies Cover Their Tracks

Residential proxy IP: The invisible cloak in corporate espionage.
From the IP vendor's ad...

"In the fiercely competitive business battlefield, information is power, and how to obtain and use this information has become a problem that every company needs to face. In this spy war without gunpowder, residential proxy IP is like an invisible cloak, providing strong protection and support for enterprises.

Imagine that you are an intelligence analyst at an emerging technology company, and your task is to collect and analyze the latest developments of competitors so that the company can make more informed decisions. However, the online world is not a smooth road, and your IP address can easily expose your true identity and intentions, making your actions subject to various restrictions. At this time, residential proxy IP is like a capable assistant, helping you to move forward invisibly in this spy war.

Residential proxy IP, as the name suggests, is to use the IP address of an ordinary home network environment for network access. Because these IP addresses come from real home users, they are difficult to identify and track. By using residential proxy IP, enterprises can hide their real IP address and avoid being discovered by competitors or network monitoring agencies. In this way, enterprises can access target websites, crawl data, analyze competitors' strategies, etc. more freely without worrying about being blocked by anti-crawler mechanisms or IP being blocked." more

Corporate Espionage: Steward Health Care Deployed Spy Outfits to Thwart Critics

Despite its financial turmoil and eventual bankruptcy, Steward Health Care allegedly spent millions spying on its adversaries, hiring intelligence companies to track and intimidate critics worldwide.


In what resembles a poorly written spy novel, Steward's leadership hired agents who placed tracking devices on the car of a financial analyst, accessed a healthcare executive’s phone to potentially blackmail him and circulated an allegedly false wire transfer to frame a politician, a report said.

The videos and documents with the incriminating details were obtained by journalism outfit the Organized Crime and Corruption Reporting Project and shared with the Boston Globe, who investigated the case further.

According to reporters, Steward executives who deployed these intelligence firms prioritized paying their bills over all others, including invoices from vendors and suppliers. Monthly expenses for intelligence services reached as high as $440,000, and from 2019 to 2023, Steward allocated over $7 million to these operations.

As to the legality of all of this, because the spying and fraud took place in various jurisdictions globally, it may not be possible to prosecute anyone responsible. more

The Devil Wears Prada - So Do Spies

Former Government Official Arrested For Acting As Unregistered Agent Of South Korean Government

U.S. Attorney Damian Williams said: “As alleged, Sue Mi Terry, a former CIA and White House employee, subverted foreign agent registration laws in order to provide South Korean intelligence officers with access, information, and advocacy

Terry allegedly sold out her positions and influence to the South Korean government in return for luxury handbags, expensive meals, and thousands of dollars of funding for her public policy program. 

 The charges brought should send a clear message to those in public policy who may be tempted to sell their expertise to a foreign government to think twice and ensure you are in accordance with the law.” more